This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SG1xx series can't handle Gbps throughput

Hello,

We're upgrading our internet service to Gbps, and the SG115w simply can't keep up.  According to its spec sheet the UTM should be able to accommodate those speeds if I'm not using IPS, which I'm not.  I'm not using wireless protection (or the wireless network), webserver protection, RED, email protection, web filtering or IPS, and my download speeds are topping out at ~350 Mbps. I am using ATP and App Control is enabled, but I'm not controlling any apps - that's strictly for visibility.  We have a backup connection configured for Uplink Balancing that was disabled prior to testing, a pair of QoS bandwidth reservation rules for our VoIP phones, and 10 multipath rules that apply to 4 services (VoIP, cloud backup x2, FTP).

According to the UTM 9.3 sizing guide, "ATP Realworld" throughput is 1490 Mbps, and "App Ctrl Realworld" throughput is 1790 Mbps.  There are 9 total users in my office, and according to the article the SG115w should be able to serve 9 "power" users with all of its modules enabled.

I've read elsewhere that those throughput numbers may be cumulative (which is not explained anywhere... not cool) so my max download speed may be less if the bandwidth is reserved equally for up/down connections.

According to the sizing guide, if I want to use FW + ATP + IPS "realworld" I need to buy an SG330 to get > 1Gbps performance, assuming the specs are not cumulative, in which case I'd need to buy the SG550 to have enough headroom. I realize that you don't lead with actual performance figures because Marketing, but the assumption that your customers will buy expensive hardware with an expensive software subscription and then turn off most of the services is... less than honest.

Anyway, I provided these details to anticipate questions... my question is this:

Which SG do I need to buy to accommodate a Gbps symmetrical connection?

Thanks for reading.



This thread was automatically locked due to age.
Parents
  • Brian, unfortunately, that's the way the industry does specs.  This is why it's important to use a reseller that can help you make an appropriate choice.

    The SG 115 doesn't have a powerful-enough CPU to handle a gigabit connection.  It sounds like you might be better off with a software license running on a non-Sophos device, but you should make that decision with your trusted reseller.  Depending on your needs, you might be OK with an SG 135.  Again, get trusted guidance.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Brian, unfortunately, that's the way the industry does specs.  This is why it's important to use a reseller that can help you make an appropriate choice.

    The SG 115 doesn't have a powerful-enough CPU to handle a gigabit connection.  It sounds like you might be better off with a software license running on a non-Sophos device, but you should make that decision with your trusted reseller.  Depending on your needs, you might be OK with an SG 135.  Again, get trusted guidance.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Bob, thanks for the reply.  Should I be dividing all of the specs on that sheet by 2 to determine max 1-way bandwidth?  I understand why specs are reported that way, but it makes buying decisions more difficult due to the lack of clarity.  (For example, I'm looking at the UTM main product page on the Sophos website, and the graphic shows a UTM dashboard with 71% of 2GB of RAM used, with every single feature on the UTM activated except for VPN and HA/Cluster.  Anyone who has posted in these forums knows that config is literally impossible.)

    I do have a trusted reseller, but that trust relates mostly to pricing.  They're very helpful and responsive, but like most resellers they work for many vendors and don't happen to be experts in Sophos or UTM.  Their "latest" SG UTM spec sheet lists the rev.1 specs.

    How does one change resellers?  I don't really want to but I need expert technical advice.  We increased our bandwidth from 100 Mbps to 1000 Mbps for a great price, and now I have to explain to my boss that we need to drop another $2k+ on a new firewall.  I don't need help with that, but I need to be able to state with absolute certainty that spending $x will have y result for z period of time.

    We are an SMB; I have 9 users.  Assuming they're all power users, which UTM should I buy if I want to run ALL of the security features with the exception of RED, endpoint AV and Sandstorm? 

    I want to be able to run IPS, ATP, web filtering and network visibility/application control while getting the full throughput of our connection.  We use Bitdefender for AV/anti-spam/anti-malware, so that will be turned off on the UTM.  From what I'm reading, we need the SG 210 rev.3.  Would you agree?

    Your ongoing support in this forum is tremendous and greatly appreciated.  Sophos would be in trouble without you.